From the category archives:

Forensic tools

The Meaning of LEAK Records

by Mike Murr on September 10, 2009

Recovering a FAT filesystem directory entry in five phases

by Mike Murr on May 24, 2007

The five phases of recovering digital evidence

by Mike Murr on May 8, 2007

How forensic tools recover digital evidence (data structures)

by Mike Murr on May 5, 2007

Evaluating Forensic Tools: Beyond the GUI vs Text Flame War

by Mike Murr on May 2, 2007

Two tools to help debug shellcode

by Mike Murr on December 24, 2006

The basics of how digital forensics tools work

by Mike Murr on December 3, 2006

“Forensically Sound Duplicate” (Update)

by Mike Murr on August 22, 2006

“Forensically Sound Duplicate”

by Mike Murr on August 2, 2006